Samba遠程代碼執行漏洞(CVE-2017-7494) 復現
阿新 • • 發佈:2018-07-14
51cto ucc 協議 samba配置文件 finished arc tin epo type
漏洞背景:Samba是在Linux和UNIX系統上實現SMB協議的一個軟件,2017年5月24日Samba發布了4.6.4版本,中間修復了一個嚴重的遠程代碼執行漏洞,漏洞編號CVE-2017-7494,漏洞影響了Samba 3.5.0 之後到4.6.4/4.5.10/4.4.14中間的所有版本,,確認屬於嚴重漏洞,可以造成遠程代碼執行。
環境準備
×××機:kali2018
靶機:Centos6.5(samba 3.6.9)
靶機部分:
[root@root ~]# yum install samba -y Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * c6-media: Setting up Install Process Resolving Dependencies --> Running transaction check ---> Package samba.x86_64 0:3.6.9-164.el6 will be installed --> Finished Dependency Resolution Dependencies Resolved =========================================================================================================== Package Arch Version Repository Size =========================================================================================================== Installing: samba x86_64 3.6.9-164.el6 c6-media 5.0 M Transaction Summary =========================================================================================================== Install 1 Package(s) Total download size: 5.0 M Installed size: 18 M Downloading Packages: Running rpm_check_debug Running Transaction Test Transaction Test Succeeded Running Transaction Warning: RPMDB altered outside of yum. Installing : samba-3.6.9-164.el6.x86_64 1/1 Verifying : samba-3.6.9-164.el6.x86_64 1/1 Installed: samba.x86_64 0:3.6.9-164.el6 Complete! [root@root ~]#
編輯samba配置文件
[root@root ~]# vim /etc/samba/smb.conf
在文件末尾處添加以下部分 開啟匿名訪問
[public]
writeable = yes
path = /etc/public
public = yes
創建匿名目錄
[root@root ~]# mkdir /etc/public
[root@root ~]# chmod 777 /etc/public
重啟samba服務
[root@root ~]# service smb restart Shutting down SMB services: [ OK ] Starting SMB services: [ OK ] [root@root ~]#
關閉防火墻 selinux
[root@root ~]# service iptables stop
[root@root ~]# setenforce 0
×××機部分:
Samba遠程代碼執行漏洞(CVE-2017-7494) 復現